[openssl] master update

shane.lontis at oracle.com shane.lontis at oracle.com
Mon Nov 11 00:23:02 UTC 2019


The branch master has been updated
       via  8fece3355a76bf9c82d13b5389f88a3649c1e547 (commit)
      from  1903a9b77af1aa289ce858de90790f3e2749fea9 (commit)


- Log -----------------------------------------------------------------
commit 8fece3355a76bf9c82d13b5389f88a3649c1e547
Author: Shane Lontis <shane.lontis at oracle.com>
Date:   Thu Oct 10 16:42:20 2019 +1000

    Add rc4_hmac_md5 cipher to default provider
    
    Reviewed-by: Matt Caswell <matt at openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/10179)

-----------------------------------------------------------------------

Summary of changes:
 crypto/evp/evp_enc.c                               |   1 +
 providers/defltprov.c                              |   3 +
 providers/implementations/ciphers/build.info       |   4 +
 .../implementations/ciphers/cipher_rc4_hmac_md5.c  | 191 +++++++++++++++++
 .../implementations/ciphers/cipher_rc4_hmac_md5.h  |  33 +++
 .../ciphers/cipher_rc4_hmac_md5_hw.c               | 225 +++++++++++++++++++++
 .../implementations/include/prov/implementations.h |   3 +
 7 files changed, 460 insertions(+)
 create mode 100644 providers/implementations/ciphers/cipher_rc4_hmac_md5.c
 create mode 100644 providers/implementations/ciphers/cipher_rc4_hmac_md5.h
 create mode 100644 providers/implementations/ciphers/cipher_rc4_hmac_md5_hw.c

diff --git a/crypto/evp/evp_enc.c b/crypto/evp/evp_enc.c
index ec02283b5e..3346e57dae 100644
--- a/crypto/evp/evp_enc.c
+++ b/crypto/evp/evp_enc.c
@@ -283,6 +283,7 @@ int EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher,
         case NID_rc2_ofb64:
         case NID_chacha20:
         case NID_chacha20_poly1305:
+        case NID_rc4_hmac_md5:
             break;
         default:
             goto legacy;
diff --git a/providers/defltprov.c b/providers/defltprov.c
index 186f1f5368..5384028a8d 100644
--- a/providers/defltprov.c
+++ b/providers/defltprov.c
@@ -285,6 +285,9 @@ static const OSSL_ALGORITHM deflt_ciphers[] = {
 #ifndef OPENSSL_NO_RC4
     { "RC4", "default=yes", rc4128_functions },
     { "RC4-40", "default=yes", rc440_functions },
+# ifndef OPENSSL_NO_MD5
+    { "RC4-HMAC-MD5", "default=yes", rc4_hmac_md5_functions },
+# endif /* OPENSSL_NO_MD5 */
 #endif /* OPENSSL_NO_RC4 */
 #ifndef OPENSSL_NO_RC5
     { "RC5-ECB", "default=yes", rc5128ecb_functions },
diff --git a/providers/implementations/ciphers/build.info b/providers/implementations/ciphers/build.info
index 1ac2a70ca6..0a76962669 100644
--- a/providers/implementations/ciphers/build.info
+++ b/providers/implementations/ciphers/build.info
@@ -97,6 +97,10 @@ ENDIF
 IF[{- !$disabled{rc4} -}]
   SOURCE[$RC4_GOAL]=\
       cipher_rc4.c cipher_rc4_hw.c
+ IF[{- !$disabled{md5} -}]
+   SOURCE[$RC4_GOAL]=\
+       cipher_rc4_hmac_md5.c cipher_rc4_hmac_md5_hw.c
+ ENDIF
 ENDIF
 
 IF[{- !$disabled{rc5} -}]
diff --git a/providers/implementations/ciphers/cipher_rc4_hmac_md5.c b/providers/implementations/ciphers/cipher_rc4_hmac_md5.c
new file mode 100644
index 0000000000..e7736bb0f3
--- /dev/null
+++ b/providers/implementations/ciphers/cipher_rc4_hmac_md5.c
@@ -0,0 +1,191 @@
+/*
+ * Copyright 2019 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+/* Dispatch functions for RC4_HMAC_MD5 cipher */
+
+#include "cipher_rc4_hmac_md5.h"
+#include "prov/implementations.h"
+#include "prov/providercommonerr.h"
+
+/* TODO(3.0) Figure out what flags are required */
+#define RC4_HMAC_MD5_FLAGS (EVP_CIPH_STREAM_CIPHER | EVP_CIPH_VARIABLE_LENGTH  \
+                            | EVP_CIPH_FLAG_AEAD_CIPHER)
+
+#define RC4_HMAC_MD5_KEY_BITS (16 * 8)
+#define RC4_HMAC_MD5_BLOCK_BITS (1 * 8)
+#define RC4_HMAC_MD5_IV_BITS 0
+#define RC4_HMAC_MD5_MODE 0
+
+#define GET_HW(ctx) ((PROV_CIPHER_HW_RC4_HMAC_MD5 *)ctx->base.hw)
+
+static OSSL_OP_cipher_newctx_fn rc4_hmac_md5_newctx;
+static OSSL_OP_cipher_freectx_fn rc4_hmac_md5_freectx;
+static OSSL_OP_cipher_get_ctx_params_fn rc4_hmac_md5_get_ctx_params;
+static OSSL_OP_cipher_gettable_ctx_params_fn rc4_hmac_md5_gettable_ctx_params;
+static OSSL_OP_cipher_set_ctx_params_fn rc4_hmac_md5_set_ctx_params;
+static OSSL_OP_cipher_settable_ctx_params_fn rc4_hmac_md5_settable_ctx_params;
+static OSSL_OP_cipher_get_params_fn rc4_hmac_md5_get_params;
+#define rc4_hmac_md5_gettable_params cipher_generic_gettable_params
+#define rc4_hmac_md5_einit cipher_generic_einit
+#define rc4_hmac_md5_dinit cipher_generic_dinit
+#define rc4_hmac_md5_update cipher_generic_stream_update
+#define rc4_hmac_md5_final cipher_generic_stream_final
+#define rc4_hmac_md5_cipher cipher_generic_cipher
+
+static void *rc4_hmac_md5_newctx(void *provctx)
+{
+    PROV_RC4_HMAC_MD5_CTX *ctx = OPENSSL_zalloc(sizeof(*ctx));
+
+    if (ctx != NULL)
+        cipher_generic_initkey(ctx, RC4_HMAC_MD5_KEY_BITS,
+                               RC4_HMAC_MD5_BLOCK_BITS,
+                               RC4_HMAC_MD5_IV_BITS,
+                               RC4_HMAC_MD5_MODE, RC4_HMAC_MD5_FLAGS,
+                               PROV_CIPHER_HW_rc4_hmac_md5(RC4_HMAC_MD5_KEY_BITS),
+                               NULL);
+     return ctx;
+}
+
+static void rc4_hmac_md5_freectx(void *vctx)
+{
+    PROV_RC4_HMAC_MD5_CTX *ctx = (PROV_RC4_HMAC_MD5_CTX *)vctx;
+
+    OPENSSL_clear_free(ctx,  sizeof(*ctx));
+}
+
+static const OSSL_PARAM rc4_hmac_md5_known_gettable_ctx_params[] = {
+    OSSL_PARAM_size_t(OSSL_CIPHER_PARAM_KEYLEN, NULL),
+    OSSL_PARAM_size_t(OSSL_CIPHER_PARAM_IVLEN, NULL),
+    OSSL_PARAM_size_t(OSSL_CIPHER_PARAM_AEAD_TLS1_AAD_PAD, NULL),
+    OSSL_PARAM_END
+};
+const OSSL_PARAM *rc4_hmac_md5_gettable_ctx_params(void)
+{
+    return rc4_hmac_md5_known_gettable_ctx_params;
+}
+
+static int rc4_hmac_md5_get_ctx_params(void *vctx, OSSL_PARAM params[])
+{
+    PROV_RC4_HMAC_MD5_CTX *ctx = (PROV_RC4_HMAC_MD5_CTX *)vctx;
+    OSSL_PARAM *p;
+
+    p = OSSL_PARAM_locate(params, OSSL_CIPHER_PARAM_KEYLEN);
+    if (p != NULL && !OSSL_PARAM_set_size_t(p, ctx->base.keylen)) {
+        ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SET_PARAMETER);
+        return 0;
+    }
+
+    p = OSSL_PARAM_locate(params, OSSL_CIPHER_PARAM_IVLEN);
+    if (p != NULL && !OSSL_PARAM_set_size_t(p, ctx->base.ivlen)) {
+        ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SET_PARAMETER);
+        return 0;
+    }
+    p = OSSL_PARAM_locate(params, OSSL_CIPHER_PARAM_AEAD_TLS1_AAD_PAD);
+    if (p != NULL && !OSSL_PARAM_set_size_t(p, ctx->tls_aad_pad_sz)) {
+        ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SET_PARAMETER);
+        return 0;
+    }
+    return 1;
+}
+
+static const OSSL_PARAM rc4_hmac_md5_known_settable_ctx_params[] = {
+    OSSL_PARAM_size_t(OSSL_CIPHER_PARAM_KEYLEN, NULL),
+    OSSL_PARAM_size_t(OSSL_CIPHER_PARAM_IVLEN, NULL),
+    OSSL_PARAM_octet_string(OSSL_CIPHER_PARAM_AEAD_TLS1_AAD, NULL, 0),
+    OSSL_PARAM_END
+};
+const OSSL_PARAM *rc4_hmac_md5_settable_ctx_params(void)
+{
+    return rc4_hmac_md5_known_settable_ctx_params;
+}
+
+static int rc4_hmac_md5_set_ctx_params(void *vctx, const OSSL_PARAM params[])
+{
+    PROV_RC4_HMAC_MD5_CTX *ctx = (PROV_RC4_HMAC_MD5_CTX *)vctx;
+    const OSSL_PARAM *p;
+    size_t sz;
+
+    p = OSSL_PARAM_locate_const(params, OSSL_CIPHER_PARAM_KEYLEN);
+    if (p != NULL) {
+        if (!OSSL_PARAM_get_size_t(p, &sz)) {
+            ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_GET_PARAMETER);
+            return 0;
+        }
+        if (ctx->base.keylen != sz) {
+            ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_KEY_LENGTH);
+            return 0;
+        }
+    }
+
+    p = OSSL_PARAM_locate_const(params, OSSL_CIPHER_PARAM_IVLEN);
+    if (p != NULL) {
+        if (!OSSL_PARAM_get_size_t(p, &sz)) {
+            ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_GET_PARAMETER);
+            return 0;
+        }
+        if (ctx->base.ivlen != sz) {
+            ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_IV_LENGTH);
+            return 0;
+        }
+    }
+
+    p = OSSL_PARAM_locate_const(params, OSSL_CIPHER_PARAM_AEAD_TLS1_AAD);
+    if (p != NULL) {
+        if (p->data_type != OSSL_PARAM_OCTET_STRING) {
+            ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_GET_PARAMETER);
+            return 0;
+        }
+        sz = GET_HW(ctx)->tls_init(&ctx->base, p->data, p->data_size);
+        if (sz == 0) {
+            ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_DATA);
+            return 0;
+        }
+        ctx->tls_aad_pad_sz = sz;
+    }
+    p = OSSL_PARAM_locate_const(params, OSSL_CIPHER_PARAM_AEAD_TLS1_AAD);
+    if (p != NULL) {
+        if (p->data_type != OSSL_PARAM_OCTET_STRING) {
+            ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_GET_PARAMETER);
+            return 0;
+        }
+        GET_HW(ctx)->init_mackey(&ctx->base, p->data, p->data_size);
+    }
+    return 1;
+}
+
+static int rc4_hmac_md5_get_params(OSSL_PARAM params[])
+{
+    return cipher_generic_get_params(params, RC4_HMAC_MD5_MODE,
+                                     RC4_HMAC_MD5_FLAGS,
+                                     RC4_HMAC_MD5_KEY_BITS,
+                                     RC4_HMAC_MD5_BLOCK_BITS,
+                                     RC4_HMAC_MD5_IV_BITS);
+}
+
+const OSSL_DISPATCH rc4_hmac_md5_functions[] = {
+    { OSSL_FUNC_CIPHER_NEWCTX, (void (*)(void))rc4_hmac_md5_newctx },
+    { OSSL_FUNC_CIPHER_FREECTX, (void (*)(void))rc4_hmac_md5_freectx },
+    { OSSL_FUNC_CIPHER_ENCRYPT_INIT, (void (*)(void))rc4_hmac_md5_einit },
+    { OSSL_FUNC_CIPHER_DECRYPT_INIT, (void (*)(void))rc4_hmac_md5_dinit },
+    { OSSL_FUNC_CIPHER_UPDATE, (void (*)(void))rc4_hmac_md5_update },
+    { OSSL_FUNC_CIPHER_FINAL, (void (*)(void))rc4_hmac_md5_final },
+    { OSSL_FUNC_CIPHER_CIPHER, (void (*)(void))rc4_hmac_md5_cipher },
+    { OSSL_FUNC_CIPHER_GET_PARAMS, (void (*)(void))rc4_hmac_md5_get_params },
+    { OSSL_FUNC_CIPHER_GETTABLE_PARAMS,
+        (void (*)(void))rc4_hmac_md5_gettable_params },
+    { OSSL_FUNC_CIPHER_GET_CTX_PARAMS,
+        (void (*)(void))rc4_hmac_md5_get_ctx_params },
+    { OSSL_FUNC_CIPHER_GETTABLE_CTX_PARAMS,
+        (void (*)(void))rc4_hmac_md5_gettable_ctx_params },
+    { OSSL_FUNC_CIPHER_SET_CTX_PARAMS,
+        (void (*)(void))rc4_hmac_md5_set_ctx_params },
+    { OSSL_FUNC_CIPHER_SETTABLE_CTX_PARAMS,
+        (void (*)(void))rc4_hmac_md5_settable_ctx_params },
+    { 0, NULL }
+};
diff --git a/providers/implementations/ciphers/cipher_rc4_hmac_md5.h b/providers/implementations/ciphers/cipher_rc4_hmac_md5.h
new file mode 100644
index 0000000000..ff7ed7ef86
--- /dev/null
+++ b/providers/implementations/ciphers/cipher_rc4_hmac_md5.h
@@ -0,0 +1,33 @@
+/*
+ * Copyright 2019 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <openssl/rc4.h>
+#include <openssl/md5.h>
+#include "prov/ciphercommon.h"
+
+typedef struct prov_rc4_hmac_md5_ctx_st {
+    PROV_CIPHER_CTX base;      /* Must be first */
+    union {
+        OSSL_UNION_ALIGN;
+        RC4_KEY ks;
+    } ks;
+    MD5_CTX head, tail, md;
+    size_t payload_length;
+    size_t tls_aad_pad_sz;
+} PROV_RC4_HMAC_MD5_CTX;
+
+typedef struct prov_cipher_hw_rc4_hmac_md5_st {
+    PROV_CIPHER_HW base; /* Must be first */
+    int (*tls_init)(PROV_CIPHER_CTX *ctx, unsigned char *aad, size_t aad_len);
+    void (*init_mackey)(PROV_CIPHER_CTX *ctx, const unsigned char *key,
+                        size_t len);
+
+} PROV_CIPHER_HW_RC4_HMAC_MD5;
+
+const PROV_CIPHER_HW *PROV_CIPHER_HW_rc4_hmac_md5(size_t keybits);
diff --git a/providers/implementations/ciphers/cipher_rc4_hmac_md5_hw.c b/providers/implementations/ciphers/cipher_rc4_hmac_md5_hw.c
new file mode 100644
index 0000000000..d3098b1b3c
--- /dev/null
+++ b/providers/implementations/ciphers/cipher_rc4_hmac_md5_hw.c
@@ -0,0 +1,225 @@
+/*
+ * Copyright 2019 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+/* RC4_HMAC_MD5 cipher implementation */
+
+#include "cipher_rc4_hmac_md5.h"
+
+#define NO_PAYLOAD_LENGTH ((size_t)-1)
+
+#if defined(RC4_ASM)                                                           \
+    && defined(MD5_ASM)                                                        \
+    && (defined(__x86_64)                                                      \
+        || defined(__x86_64__)                                                 \
+        || defined(_M_AMD64)                                                   \
+        || defined(_M_X64))
+# define STITCHED_CALL
+# define MOD 32 /* 32 is $MOD from rc4_md5-x86_64.pl */
+#else
+# define rc4_off 0
+# define md5_off 0
+#endif
+
+static int cipher_hw_rc4_hmac_md5_initkey(PROV_CIPHER_CTX *bctx,
+                                          const uint8_t *key, size_t keylen)
+{
+    PROV_RC4_HMAC_MD5_CTX *ctx = (PROV_RC4_HMAC_MD5_CTX *)bctx;
+
+    RC4_set_key(&ctx->ks.ks, keylen, key);
+    MD5_Init(&ctx->head);       /* handy when benchmarking */
+    ctx->tail = ctx->head;
+    ctx->md = ctx->head;
+    ctx->payload_length = NO_PAYLOAD_LENGTH;
+    return 1;
+}
+
+static int cipher_hw_rc4_hmac_md5_cipher(PROV_CIPHER_CTX *bctx,
+                                         unsigned char *out,
+                                         const unsigned char *in, size_t len)
+{
+    PROV_RC4_HMAC_MD5_CTX *ctx = (PROV_RC4_HMAC_MD5_CTX *)bctx;
+    RC4_KEY *ks = &ctx->ks.ks;
+
+#if defined(STITCHED_CALL)
+    size_t rc4_off = MOD - 1 - (ks->x & (MOD - 1));
+    size_t md5_off = MD5_CBLOCK - ctx->md.num, blocks;
+    unsigned int l;
+#endif
+    size_t plen = ctx->payload_length;
+
+    if (plen != NO_PAYLOAD_LENGTH && len != (plen + MD5_DIGEST_LENGTH))
+        return 0;
+
+    if (ctx->base.enc) {
+        if (plen == NO_PAYLOAD_LENGTH)
+            plen = len;
+#if defined(STITCHED_CALL)
+        /* cipher has to "fall behind" */
+        if (rc4_off > md5_off)
+            md5_off += MD5_CBLOCK;
+
+        if (plen > md5_off
+                && (blocks = (plen - md5_off) / MD5_CBLOCK)
+                && (OPENSSL_ia32cap_P[0] & (1 << 20)) == 0) {
+            MD5_Update(&ctx->md, in, md5_off);
+            RC4(ks, rc4_off, in, out);
+
+            rc4_md5_enc(ks, in + rc4_off, out + rc4_off,
+                        &ctx->md, in + md5_off, blocks);
+            blocks *= MD5_CBLOCK;
+            rc4_off += blocks;
+            md5_off += blocks;
+            ctx->md.Nh += blocks >> 29;
+            ctx->md.Nl += blocks <<= 3;
+            if (ctx->md.Nl < (unsigned int)blocks)
+                ctx->md.Nh++;
+        } else {
+            rc4_off = 0;
+            md5_off = 0;
+        }
+#endif
+        MD5_Update(&ctx->md, in + md5_off, plen - md5_off);
+
+        if (plen != len) {      /* "TLS" mode of operation */
+            if (in != out)
+                memcpy(out + rc4_off, in + rc4_off, plen - rc4_off);
+
+            /* calculate HMAC and append it to payload */
+            MD5_Final(out + plen, &ctx->md);
+            ctx->md = ctx->tail;
+            MD5_Update(&ctx->md, out + plen, MD5_DIGEST_LENGTH);
+            MD5_Final(out + plen, &ctx->md);
+            /* encrypt HMAC at once */
+            RC4(ks, len - rc4_off, out + rc4_off, out + rc4_off);
+        } else {
+            RC4(ks, len - rc4_off, in + rc4_off, out + rc4_off);
+        }
+    } else {
+        unsigned char mac[MD5_DIGEST_LENGTH];
+
+#if defined(STITCHED_CALL)
+        /* digest has to "fall behind" */
+        if (md5_off > rc4_off)
+            rc4_off += 2 * MD5_CBLOCK;
+        else
+            rc4_off += MD5_CBLOCK;
+
+        if (len > rc4_off
+                && (blocks = (len - rc4_off) / MD5_CBLOCK)
+                && (OPENSSL_ia32cap_P[0] & (1 << 20)) == 0) {
+            RC4(ks, rc4_off, in, out);
+            MD5_Update(&ctx->md, out, md5_off);
+
+            rc4_md5_enc(ks, in + rc4_off, out + rc4_off,
+                        &ctx->md, out + md5_off, blocks);
+            blocks *= MD5_CBLOCK;
+            rc4_off += blocks;
+            md5_off += blocks;
+            l = (ctx->md.Nl + (blocks << 3)) & 0xffffffffU;
+            if (l < ctx->md.Nl)
+                ctx->md.Nh++;
+            ctx->md.Nl = l;
+            ctx->md.Nh += blocks >> 29;
+        } else {
+            md5_off = 0;
+            rc4_off = 0;
+        }
+#endif
+        /* decrypt HMAC at once */
+        RC4(ks, len - rc4_off, in + rc4_off, out + rc4_off);
+        if (plen != NO_PAYLOAD_LENGTH) {
+            /* "TLS" mode of operation */
+            MD5_Update(&ctx->md, out + md5_off, plen - md5_off);
+
+            /* calculate HMAC and verify it */
+            MD5_Final(mac, &ctx->md);
+            ctx->md = ctx->tail;
+            MD5_Update(&ctx->md, mac, MD5_DIGEST_LENGTH);
+            MD5_Final(mac, &ctx->md);
+
+            if (CRYPTO_memcmp(out + plen, mac, MD5_DIGEST_LENGTH))
+                return 0;
+        } else {
+            MD5_Update(&ctx->md, out + md5_off, len - md5_off);
+        }
+    }
+
+    ctx->payload_length = NO_PAYLOAD_LENGTH;
+
+    return 1;
+}
+
+static int cipher_hw_rc4_hmac_md5_tls_init(PROV_CIPHER_CTX *bctx,
+                                           unsigned char *aad, size_t aad_len)
+{
+    PROV_RC4_HMAC_MD5_CTX *ctx = (PROV_RC4_HMAC_MD5_CTX *)bctx;
+    unsigned int len;
+
+    if (aad_len != EVP_AEAD_TLS1_AAD_LEN)
+        return 0;
+
+    len = aad[aad_len - 2] << 8 | aad[aad_len - 1];
+
+    if (!bctx->enc) {
+        if (len < MD5_DIGEST_LENGTH)
+            return 0;
+        len -= MD5_DIGEST_LENGTH;
+        aad[aad_len - 2] = len >> 8;
+        aad[aad_len - 1] = len;
+    }
+    ctx->payload_length = len;
+    ctx->md = ctx->head;
+    MD5_Update(&ctx->md, aad, aad_len);
+
+    return MD5_DIGEST_LENGTH;
+}
+
+static void cipher_hw_rc4_hmac_md5_init_mackey(PROV_CIPHER_CTX *bctx,
+                                               const unsigned char *key,
+                                               size_t len)
+{
+    PROV_RC4_HMAC_MD5_CTX *ctx = (PROV_RC4_HMAC_MD5_CTX *)bctx;
+    unsigned int i;
+    unsigned char hmac_key[64];
+
+    memset(hmac_key, 0, sizeof(hmac_key));
+
+    if (len > (int)sizeof(hmac_key)) {
+        MD5_Init(&ctx->head);
+        MD5_Update(&ctx->head, key, len);
+        MD5_Final(hmac_key, &ctx->head);
+    } else {
+        memcpy(hmac_key, key, len);
+    }
+
+    for (i = 0; i < sizeof(hmac_key); i++)
+        hmac_key[i] ^= 0x36; /* ipad */
+    MD5_Init(&ctx->head);
+    MD5_Update(&ctx->head, hmac_key, sizeof(hmac_key));
+
+    for (i = 0; i < sizeof(hmac_key); i++)
+        hmac_key[i] ^= 0x36 ^ 0x5c; /* opad */
+    MD5_Init(&ctx->tail);
+    MD5_Update(&ctx->tail, hmac_key, sizeof(hmac_key));
+
+    OPENSSL_cleanse(hmac_key, sizeof(hmac_key));
+}
+
+static const PROV_CIPHER_HW_RC4_HMAC_MD5 rc4_hmac_md5_hw = {
+    {
+      cipher_hw_rc4_hmac_md5_initkey,
+      cipher_hw_rc4_hmac_md5_cipher
+    },
+    cipher_hw_rc4_hmac_md5_tls_init,
+    cipher_hw_rc4_hmac_md5_init_mackey
+};
+const PROV_CIPHER_HW *PROV_CIPHER_HW_rc4_hmac_md5(size_t keybits)
+{
+    return (PROV_CIPHER_HW *)&rc4_hmac_md5_hw;
+}
diff --git a/providers/implementations/include/prov/implementations.h b/providers/implementations/include/prov/implementations.h
index 9aef2c3768..e241e6b49a 100644
--- a/providers/implementations/include/prov/implementations.h
+++ b/providers/implementations/include/prov/implementations.h
@@ -202,6 +202,9 @@ extern const OSSL_DISPATCH des_cfb8_functions[];
 #ifndef OPENSSL_NO_RC4
 extern const OSSL_DISPATCH rc440_functions[];
 extern const OSSL_DISPATCH rc4128_functions[];
+# ifndef OPENSSL_NO_MD5
+extern const OSSL_DISPATCH rc4_hmac_md5_functions[];
+# endif /* OPENSSL_NO_MD5 */
 #endif /* OPENSSL_NO_RC4 */
 #ifndef OPENSSL_NO_CHACHA
 extern const OSSL_DISPATCH chacha20_functions[];


More information about the openssl-commits mailing list